0

While reading about password breaches, it occurred to me; where are the TOTP shared secret breaches? Because TOTP relies on a shared secret (unlike say U2F) the server has a copy of the shared secret, which lends itself to the same vulnerability to be breached.

I've tried searching and found nothing, save for a potential incident with Linode (https://www.linode.com/blog/linode/security-investigation-retrospective/)

I'm sure we can speculate on the reasons why or why-not, but that is not my question. Am I just searching for the wrong things, or are TOTP secret breaches just that rare/non-existant? (recent & past events)

user8187
  • 141
  • 1
  • 6
  • 3
    The point of password breaches is that they are usually user excogitated and may be even used for more than one site. TOTP secrets however are randomly generated and site specific as far as I remember. So if a breach is known and all authentication data has been reset, keeping the TOTP secret seems pointless to me. – Robert Jul 28 '21 at 22:10
  • Ah that is a good point; unlike passwords which can be used for say spraying/stuffing, TOTP secrets cannot. – user8187 Jul 28 '21 at 22:23
  • 2
    https://en.wikipedia.org/wiki/RSA_SecurID in 2011, although that isn't 'right now' – dave_thompson_085 Jul 28 '21 at 23:38
  • @dave_thompson_085 oooh cool! Yeah when I said 'right now' I was referring to current/past events; so 2011 counts (I'll edit my question) – user8187 Jul 29 '21 at 00:17

0 Answers0